Before Provisioning Rule Overrides Create Account Policy Attributes

MounikaPrathapani · January 5, 2026, 3:07am

Hi,

As part of the account creation process, we need additional attributes data to create account on the web services based target system.

Right now, am calculating these additional attributes data via Before provisioning rule and updating the plan like below as this data is not available at the identity profile level

plan.put(“DepartmentID”, DId);

but, this is overriding all the other attributes that are coming from create account policy.

Is this the right way to add the attributes to the plan in the before provisioning rule. Also, suggest if there is way to calculate these attributes data in the account create policy itself.

TIA

JackSparrow · January 5, 2026, 9:13am

Hello Mounika,

plan.put(“DepartmentID”, DId) will replace the entire plan object. Below are the options you can go with

Option 1: You can create a custom Identity attribute and map it to account attribute in “Create account Policy“

Option 2: Create a new attribute request and add the attribute request to the plan. Below is the code you can use for BeforeProvisioning Rule

import sailpoint.object.*;
import sailpoint.object.ProvisioningPlan.AccountRequest;
import sailpoint.object.ProvisioningPlan.AttributeRequest;

for (AccountRequest accountRequest: plan.getAccountRequests()) {
    if (accountRequest.getOperation().equals(ProvisioningPlan.AccountRequest.Operation.Create)) {

        // Create a new AttributeRequest for the department
        AttributeRequest attrRequest = new AttributeRequest("AttributeName", ProvisioningPlan.Operation.Add, "AttributeValue");

        //e.g new AttributeRequest("PermissionSet", ProvisioningPlan.Operation.Add, "LightningConsole"))

        // Add the attribute request to the account request
        accountRequest.add(attrRequest);
    }
}

MounikaPrathapani · January 5, 2026, 2:54pm

Hi Teja,

Thanks for the response.

The intent was to put these arguments at the plan level not at the account level so that i can extract and put it in the create account operation JSON body on the webservices source UI. If i put it as an attribute request, it will trigger the add entitlement operation which we don’t want.

and also, is there any reason why plan.put(); overrides existing plan attributes as i am just adding one more key and value to a map where am considering the plan as a map.

JackSparrow · January 5, 2026, 3:19pm

Hello @MounikaPrathapani , plan.put(); will replace the whole plan. It’s not modifying the plan. Think it as PUT request in API which updates the whole resource and not like PATCH.

You can refer below blog to pass additional arguments to the plan so that those arguments can be refereed in JDBC provisioning rule

Topic		Replies	Views
Before provisioning rule to update the plan with non provisioned attributes ISC Discussion and Questions identity-security-cloud	8	168	September 6, 2025
How to add an attribute from an account to the provisioningPlan ISC Discussion and Questions webservice-connector , rules , identity-security-cloud , provisioning , entitlements	6	747	June 22, 2024
Adding Missing Identity Attributes with Before Web Services Operator Rules in IDN ISC Discussion and Questions webservice-connector , identity-security-cloud	5	296	August 19, 2024
Web Services Reference Attributes in Provisioning Plan added by Before Provisioning Rule ISC Discussion and Questions webservice-connector , apis , rules , identity-security-cloud , provisioning	4	1514	August 16, 2023
Custom Attributes in Provisioning Plan ISC Discussion and Questions identity-security-cloud , provisioning	8	2035	September 18, 2023

Before Provisioning Rule Overrides Create Account Policy Attributes

Related topics